Recommended Posts

Hello. I''m doing an adventure game engine (games much like Secret of Monkey Island, or Maniac Mansion, 2D) and I found XML as a good language to describe all the data of a game. Because it has a well defined structure, and Java (the language I´m writing this) has already an XML parser, it saves me a lot of time .
I´d like to know if you have done this for your game previously, and tell us how did you went through it. Specifically, if there is any issue in the ''security'' part (say, if somebody can alter the data files in order to cheat).
Mac for productivity
Linux for development
Palm for mobility
Windows... for the Solitaire

Share this post

Link to post

Share on other sites

jkeppens: there is a very good parser from microsoft. its calles msxml. the actual version is 4.0. i tried a few other ones like from ibm or some open source things but they were more complicated or didn''t work very well.

Share this post

Link to post

Share on other sites

quote:I´d like to know if you have done this for your game previously, and tell us how did you went through it. Specifically, if there is any issue in the 'security' part (say, if somebody can alter the data files in order to cheat).

XML stands for 'Extensible Markup Language' and like other markup-languages (HTML, VRML, etc...) it's Clear Text. Calling it a data file is a bit of a glorification.In short, if you use XML, you couldn't make it any easier to modify the game data. And this should not be viewed as a bad thing, unless you're making a MOG.

...

quote:Original post by thona VERY nice - ubreakable (especially if your whole program is also protected from manipulation by itself and the runtime).

Reasonable protection I can believe, saying it's "unbreakable" raises credibility issues. The only type of encryption that's even close to unbreakable, is one-time pads (which are useless).

A lock is only as safe as it's keys - so it doesn't matter if you use 1Mb encryption that still doesn't make it safe.

quote:...and the program only has the verification key.

That won't really matter when I pop-open the debugger, and change the successful check from a jz (or jnz) to a jmp.

Public-key cryptography only provides very high confidences that a message is authentic (that is from who it says it is). And only if the private key is kept safe. They do not prevent unauthorized data access what-so-ever - to do that you must physically prevent them from having access to the data (i.e. a network server doesn't send you any data from a file of you are not authorized to read it).

So all that XML encryption does, is provide a high-level of confidence that the configuration file is from you.